The Hacker News (THN:89520BFD362B62FC3AC65D16DFCFDA44)
Jan 16, 2013 - 5:01 p.m.

Oracle Patches Java Zero Day Vulnerability

2013-01-16 17:01:00
The Hacker News
thehackernews.com
CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.974 High
Percentile: 99.9%

Oracle delivered an unusual emergency patch for Java's critical zero-day vulnerability on Sunday, fixing a bug that allowed hackers access to users' web browsers. Exploits for the previously undisclosed flaw were being hosted in a number of exploit kits, and attacks have already been seen in the wild dropping ransomware and assorted other malware.

Security Alert CVE-2013-0422 includes two vulnerabilities that are remotely exploitable. Oracle confirmed that the flaws were only present in Java 7 versions and did not impact Java on servers, Java desktop applications, or embedded Java.

Java is used in 3 billion machines, about 2 billion of which are desktop or laptop computers. Similarly, back in August last year, Oracle issued an urgent fix to seal a dangerous security flaw within its Java software that had left thousands of computers wide open to malicious attacks from hackers.

Lamar Bailey, director of security research and development for nCircle, said, “We’re just two weeks into 2013 and already we’ve seen a surge of critical vulnerabilities and emergency patches. Oracle just added 86 new fixes to overloaded IT teams already struggling to keep up with emergency patches for Java, Internet Explorer and Ruby on Rails.

No matter how far behind IT teams are, they can’t afford to ignore this massive Oracle patch. Oracle Mobile Server has two CVEs that have a CVSS score of ten, that’s as bad as it gets. There are also two MySQL vulnerabilities that can be exploited remotely. All of these should be patched as soon as possible.”

The January patch includes 86 security updates across all major product lines, including Oracle Database and MySQL Server. Patches for a number of Oracle applications were released Tuesday, including nine for Oracle E-Business Suite (7 of which are remotely exploitable), 12 in Oracle PeopleSoft (7 remotely exploitable), 10 in Oracle Siebel CRM (5 remotely exploitable), and one each in Oracle Supply Chain Products Suite and Oracle JD Edwards Products.
